List dedicated to discussions about use, configuration and deployment of
the IPA server. wrote:
> Hello,
> 
> There's a method to check the replication status of FreeIPA masters by
> looking at objectClass=nsDS5ReplicationAgreement in the "cn=mapping
> tree,cn=config" part of LDAP.
> 
> Unfortunately that requires Directory Admin level privileges.
> 
> Is there a method to check those replication agreement details that uses
> a much lower privilege?  We'd like to add a replication test to our
> Zabbix monitoring system, and we don't want to use the directory admin
> user ID :)

Create a privilege containing the permission "Read Replication
Agreements", add that to a new role, and your user to that role and that
should do it.

rob

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
  • ... List dedicated to discussions about use, configuration and deployment of the IPA server.
    • ... List dedicated to discussions about use, configuration and deployment of the IPA server.

Reply via email to